Brian Krebs reports:
Conti — one of the most ruthless and successful Russian ransomware groups — publicly declared during the height of the COVID-19 pandemic that it would refrain from targeting healthcare providers. But new information confirms this pledge was always a lie, and that Conti has launched more than 200 attacks against hospitals and other healthcare facilities since first surfacing in 2018 under its earlier name, “Ryuk.”
Read more at KrebsonSecurity.com. Brian has some interesting statistics in this report that may surprise those who tend to rely on HHS’s public breach tool to get an understanding of what is going on. As he notes:
While Conti is just one of many ransomware groups threatening the healthcare industry, it seems likely that ransomware attacks on the healthcare sector are underreported. Perhaps this is because a large percentage of victims are paying a ransom demand to keep their data (and news of their breach) confidential.
For those entities who are covered by HIPAA, they are legally obligated to report breaches even if they pay the ransom. If it turns out that they are not disclosing to HHS and to patients, as required by HIPAA and HITECH, then hopefully OCR will hear from whistleblowers, investigate, and send a strong message to all covered entities accompanied by a stiff monetary penalty for failing to report.